001
014
015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.ResourceActionsException;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.kernel.exception.SystemException;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.search.SearchEngineUtil;
023 import com.liferay.portal.kernel.util.ListUtil;
024 import com.liferay.portal.model.AuditedModel;
025 import com.liferay.portal.model.ClassedModel;
026 import com.liferay.portal.model.GroupedModel;
027 import com.liferay.portal.model.PermissionedModel;
028 import com.liferay.portal.model.Resource;
029 import com.liferay.portal.model.ResourceConstants;
030 import com.liferay.portal.model.ResourcePermission;
031 import com.liferay.portal.model.Role;
032 import com.liferay.portal.model.RoleConstants;
033 import com.liferay.portal.model.impl.ResourceImpl;
034 import com.liferay.portal.security.permission.PermissionCacheUtil;
035 import com.liferay.portal.security.permission.PermissionThreadLocal;
036 import com.liferay.portal.security.permission.ResourceActionsUtil;
037 import com.liferay.portal.service.ServiceContext;
038 import com.liferay.portal.service.base.ResourceLocalServiceBaseImpl;
039 import com.liferay.portal.util.ResourcePermissionsThreadLocal;
040
041 import java.util.Arrays;
042 import java.util.Iterator;
043 import java.util.List;
044
045 import org.apache.commons.lang.time.StopWatch;
046
047
054 public class ResourceLocalServiceImpl extends ResourceLocalServiceBaseImpl {
055
056 public void addModelResources(
057 AuditedModel auditedModel, ServiceContext serviceContext)
058 throws PortalException, SystemException {
059
060 ClassedModel classedModel = (ClassedModel)auditedModel;
061
062 if (serviceContext.isAddGroupPermissions() ||
063 serviceContext.isAddGuestPermissions()) {
064
065 addResources(
066 auditedModel.getCompanyId(), getGroupId(auditedModel),
067 auditedModel.getUserId(), classedModel.getModelClassName(),
068 String.valueOf(classedModel.getPrimaryKeyObj()), false,
069 serviceContext.isAddGroupPermissions(),
070 serviceContext.isAddGuestPermissions(),
071 getPermissionedModel(auditedModel));
072 }
073 else {
074 if (serviceContext.isDeriveDefaultPermissions()) {
075 serviceContext.deriveDefaultPermissions(
076 getGroupId(auditedModel), classedModel.getModelClassName());
077 }
078
079 addModelResources(
080 auditedModel.getCompanyId(), getGroupId(auditedModel),
081 auditedModel.getUserId(), classedModel.getModelClassName(),
082 String.valueOf(classedModel.getPrimaryKeyObj()),
083 serviceContext.getGroupPermissions(),
084 serviceContext.getGuestPermissions(),
085 getPermissionedModel(auditedModel));
086 }
087 }
088
089 public void addModelResources(
090 long companyId, long groupId, long userId, String name,
091 long primKey, String[] groupPermissions, String[] guestPermissions)
092 throws PortalException, SystemException {
093
094 addModelResources(
095 companyId, groupId, userId, name, String.valueOf(primKey),
096 groupPermissions, guestPermissions, null);
097 }
098
099 public void addModelResources(
100 long companyId, long groupId, long userId, String name,
101 String primKey, String[] groupPermissions,
102 String[] guestPermissions)
103 throws PortalException, SystemException {
104
105 addModelResources(
106 companyId, groupId, userId, name, primKey, groupPermissions,
107 guestPermissions, null);
108 }
109
110 public void addResources(
111 long companyId, long groupId, long userId, String name,
112 long primKey, boolean portletActions, boolean addGroupPermissions,
113 boolean addGuestPermissions)
114 throws PortalException, SystemException {
115
116 addResources(
117 companyId, groupId, userId, name, String.valueOf(primKey),
118 portletActions, addGroupPermissions, addGuestPermissions, null);
119 }
120
121 public void addResources(
122 long companyId, long groupId, long userId, String name,
123 String primKey, boolean portletActions, boolean addGroupPermissions,
124 boolean addGuestPermissions)
125 throws PortalException, SystemException {
126
127 addResources(
128 companyId, groupId, userId, name, primKey, portletActions,
129 addGroupPermissions, addGuestPermissions, null);
130 }
131
132 public void addResources(
133 long companyId, long groupId, String name, boolean portletActions)
134 throws PortalException, SystemException {
135
136 addResources(
137 companyId, groupId, 0, name, null, portletActions, false, false);
138 }
139
140 public void deleteResource(AuditedModel auditedModel, int scope)
141 throws PortalException, SystemException {
142
143 ClassedModel classedModel = (ClassedModel)auditedModel;
144
145 deleteResource(
146 auditedModel.getCompanyId(), classedModel.getModelClassName(),
147 scope, String.valueOf(classedModel.getPrimaryKeyObj()),
148 getPermissionedModel(auditedModel));
149 }
150
151 public void deleteResource(
152 long companyId, String name, int scope, long primKey)
153 throws PortalException, SystemException {
154
155 deleteResource(companyId, name, scope, String.valueOf(primKey), null);
156 }
157
158 public void deleteResource(
159 long companyId, String name, int scope, String primKey)
160 throws PortalException, SystemException {
161
162 deleteResource(companyId, name, scope, primKey, null);
163 }
164
165 public Resource getResource(
166 long companyId, String name, int scope, String primKey) {
167
168 Resource resource = new ResourceImpl();
169
170 resource.setCompanyId(companyId);
171 resource.setName(name);
172 resource.setScope(scope);
173 resource.setPrimKey(primKey);
174
175 return resource;
176 }
177
178 public boolean hasUserPermissions(
179 long userId, long resourceId, List<Resource> resources,
180 String actionId, long[] roleIds)
181 throws PortalException, SystemException {
182
183 StopWatch stopWatch = null;
184
185 if (_log.isDebugEnabled()) {
186 stopWatch = new StopWatch();
187
188 stopWatch.start();
189 }
190
191 int block = 1;
192
193 boolean hasUserPermissions =
194 resourcePermissionLocalService.hasResourcePermission(
195 resources, roleIds, actionId);
196
197 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
198
199 return hasUserPermissions;
200 }
201
202 public void updateModelResources(
203 AuditedModel auditedModel, ServiceContext serviceContext)
204 throws PortalException, SystemException {
205
206 ClassedModel classedModel = (ClassedModel)auditedModel;
207
208 updateResources(
209 auditedModel.getCompanyId(), getGroupId(auditedModel),
210 classedModel.getModelClassName(),
211 String.valueOf(classedModel.getPrimaryKeyObj()),
212 serviceContext.getGroupPermissions(),
213 serviceContext.getGuestPermissions(),
214 getPermissionedModel(auditedModel));
215 }
216
217 public void updateResources(
218 long companyId, long groupId, String name, long primKey,
219 String[] groupPermissions, String[] guestPermissions)
220 throws PortalException, SystemException {
221
222 updateResources(
223 companyId, groupId, name, String.valueOf(primKey), groupPermissions,
224 guestPermissions, null);
225 }
226
227 public void updateResources(
228 long companyId, long groupId, String name, String primKey,
229 String[] groupPermissions, String[] guestPermissions)
230 throws PortalException, SystemException {
231
232 updateResources(
233 companyId, groupId, name, primKey, groupPermissions,
234 guestPermissions, null);
235 }
236
237 public void updateResources(
238 long companyId, String name, int scope, String primKey,
239 String newPrimKey)
240 throws SystemException {
241
242 if (resourceBlockLocalService.isSupported(name)) {
243
244
245
246
247
248 }
249 else {
250 updateResourcePermissions(
251 companyId, name, scope, primKey, newPrimKey);
252 }
253 }
254
255 protected void addGroupPermissions(
256 long companyId, long groupId, long userId, String name,
257 Resource resource, boolean portletActions,
258 PermissionedModel permissionedModel)
259 throws PortalException, SystemException {
260
261 List<String> actions = null;
262
263 if (portletActions) {
264 actions = ResourceActionsUtil.getPortletResourceGroupDefaultActions(
265 name);
266 }
267 else {
268 actions = ResourceActionsUtil.getModelResourceGroupDefaultActions(
269 name);
270 }
271
272 String[] actionIds = actions.toArray(new String[actions.size()]);
273
274 if (resourceBlockLocalService.isSupported(name)) {
275 addGroupPermissionsBlocks(
276 groupId, resource, actions, permissionedModel);
277 }
278 else {
279 addGroupPermissions(groupId, resource, actionIds);
280 }
281 }
282
283 protected void addGroupPermissions(
284 long groupId, Resource resource, String[] actionIds)
285 throws PortalException, SystemException {
286
287 Role role = roleLocalService.getDefaultGroupRole(groupId);
288
289 resourcePermissionLocalService.setResourcePermissions(
290 resource.getCompanyId(), resource.getName(), resource.getScope(),
291 resource.getPrimKey(), role.getRoleId(), actionIds);
292 }
293
294 protected void addGroupPermissionsBlocks(
295 long groupId, Resource resource, List<String> actionIds,
296 PermissionedModel permissionedModel)
297 throws PortalException, SystemException {
298
299 if (permissionedModel == null) {
300 throw new IllegalArgumentException("Permissioned model is null");
301 }
302
303
304
305 Role role = roleLocalService.getDefaultGroupRole(groupId);
306
307 resourceBlockLocalService.setIndividualScopePermissions(
308 resource.getCompanyId(), groupId, resource.getName(),
309 permissionedModel, role.getRoleId(), actionIds);
310 }
311
312 protected void addGuestPermissions(
313 long companyId, long groupId, long userId, String name,
314 Resource resource, boolean portletActions,
315 PermissionedModel permissionedModel)
316 throws PortalException, SystemException {
317
318 List<String> actions = null;
319
320 if (portletActions) {
321 actions = ResourceActionsUtil.getPortletResourceGuestDefaultActions(
322 name);
323 }
324 else {
325 actions = ResourceActionsUtil.getModelResourceGuestDefaultActions(
326 name);
327 }
328
329 String[] actionIds = actions.toArray(new String[actions.size()]);
330
331 if (resourceBlockLocalService.isSupported(name)) {
332 addGuestPermissionsBlocks(
333 companyId, groupId, resource, actions, permissionedModel);
334 }
335 else {
336 addGuestPermissions(companyId, resource, actionIds);
337 }
338 }
339
340 protected void addGuestPermissions(
341 long companyId, Resource resource, String[] actionIds)
342 throws PortalException, SystemException {
343
344 Role guestRole = roleLocalService.getRole(
345 companyId, RoleConstants.GUEST);
346
347 resourcePermissionLocalService.setResourcePermissions(
348 resource.getCompanyId(), resource.getName(), resource.getScope(),
349 resource.getPrimKey(), guestRole.getRoleId(), actionIds);
350 }
351
352 protected void addGuestPermissionsBlocks(
353 long companyId, long groupId, Resource resource,
354 List<String> actionIds, PermissionedModel permissionedModel)
355 throws PortalException, SystemException {
356
357 if (permissionedModel == null) {
358 throw new IllegalArgumentException("Permissioned model is null");
359 }
360
361
362
363 Role guestRole = roleLocalService.getRole(
364 companyId, RoleConstants.GUEST);
365
366 resourceBlockLocalService.setIndividualScopePermissions(
367 resource.getCompanyId(), groupId, resource.getName(),
368 permissionedModel, guestRole.getRoleId(), actionIds);
369 }
370
371 protected void addModelResources(
372 long companyId, long groupId, long userId, Resource resource,
373 String[] groupPermissions, String[] guestPermissions,
374 PermissionedModel permissionedModel)
375 throws PortalException, SystemException {
376
377
378
379 Role ownerRole = roleLocalService.getRole(
380 companyId, RoleConstants.OWNER);
381
382 List<String> ownerActionIds =
383 ResourceActionsUtil.getModelResourceActions(resource.getName());
384
385 ownerActionIds = ListUtil.copy(ownerActionIds);
386
387 filterOwnerActions(resource.getName(), ownerActionIds);
388
389 String[] ownerPermissions = ownerActionIds.toArray(
390 new String[ownerActionIds.size()]);
391
392
393
394 Role defaultGroupRole = null;
395
396 if (groupId > 0) {
397 defaultGroupRole = roleLocalService.getDefaultGroupRole(groupId);
398
399 if (groupPermissions == null) {
400 groupPermissions = new String[0];
401 }
402 }
403
404
405
406 Role guestRole = roleLocalService.getRole(
407 companyId, RoleConstants.GUEST);
408
409 if (guestPermissions == null) {
410 guestPermissions = new String[0];
411 }
412
413 if (resourceBlockLocalService.isSupported(resource.getName())) {
414
415 if (permissionedModel == null) {
416 throw new IllegalArgumentException(
417 "Permissioned model is null");
418 }
419
420
421
422 resourceBlockLocalService.setIndividualScopePermissions(
423 resource.getCompanyId(), groupId, resource.getName(),
424 permissionedModel, ownerRole.getRoleId(), ownerActionIds);
425
426 if (groupId > 0) {
427 resourceBlockLocalService.setIndividualScopePermissions(
428 resource.getCompanyId(), groupId, resource.getName(),
429 permissionedModel, defaultGroupRole.getRoleId(),
430 Arrays.asList(groupPermissions));
431 }
432
433 resourceBlockLocalService.setIndividualScopePermissions(
434 resource.getCompanyId(), groupId, resource.getName(),
435 permissionedModel, guestRole.getRoleId(),
436 Arrays.asList(guestPermissions));
437 }
438 else {
439 resourcePermissionLocalService.setOwnerResourcePermissions(
440 resource.getCompanyId(), resource.getName(),
441 resource.getScope(), resource.getPrimKey(),
442 ownerRole.getRoleId(), userId, ownerPermissions);
443
444 if (groupId > 0) {
445 resourcePermissionLocalService.setResourcePermissions(
446 resource.getCompanyId(), resource.getName(),
447 resource.getScope(), resource.getPrimKey(),
448 defaultGroupRole.getRoleId(), groupPermissions);
449 }
450
451 resourcePermissionLocalService.setResourcePermissions(
452 resource.getCompanyId(), resource.getName(),
453 resource.getScope(), resource.getPrimKey(),
454 guestRole.getRoleId(), guestPermissions);
455 }
456 }
457
458 protected void addModelResources(
459 long companyId, long groupId, long userId, String name,
460 String primKey, String[] groupPermissions,
461 String[] guestPermissions, PermissionedModel permissionedModel)
462 throws PortalException, SystemException {
463
464 if (!PermissionThreadLocal.isAddResource()) {
465 return;
466 }
467
468 validate(name, false);
469
470 if (primKey == null) {
471 return;
472 }
473
474
475
476 Resource resource = getResource(
477 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
478
479
480
481 boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
482
483 PermissionThreadLocal.setIndexEnabled(false);
484
485 try {
486 addModelResources(
487 companyId, groupId, userId, resource, groupPermissions,
488 guestPermissions, permissionedModel);
489 }
490 finally {
491 PermissionThreadLocal.setIndexEnabled(flushEnabled);
492
493 PermissionCacheUtil.clearCache();
494
495 SearchEngineUtil.updatePermissionFields(name, primKey);
496 }
497 }
498
499 protected void addResources(
500 long companyId, long groupId, long userId, Resource resource,
501 boolean portletActions, PermissionedModel permissionedModel)
502 throws PortalException, SystemException {
503
504 List<String> actionIds = null;
505
506 if (portletActions) {
507 actionIds = ResourceActionsUtil.getPortletResourceActions(
508 resource.getName());
509 }
510 else {
511 actionIds = ResourceActionsUtil.getModelResourceActions(
512 resource.getName());
513
514 actionIds = ListUtil.copy(actionIds);
515
516 filterOwnerActions(resource.getName(), actionIds);
517 }
518
519 Role role = roleLocalService.getRole(companyId, RoleConstants.OWNER);
520
521 if (resourceBlockLocalService.isSupported(resource.getName())) {
522 if (permissionedModel == null) {
523 throw new IllegalArgumentException(
524 "Permissioned model is null");
525 }
526
527
528
529 resourceBlockLocalService.setIndividualScopePermissions(
530 resource.getCompanyId(), groupId, resource.getName(),
531 permissionedModel, role.getRoleId(), actionIds);
532 }
533 else {
534 resourcePermissionLocalService.setOwnerResourcePermissions(
535 resource.getCompanyId(), resource.getName(),
536 resource.getScope(), resource.getPrimKey(), role.getRoleId(),
537 userId, actionIds.toArray(new String[actionIds.size()]));
538 }
539 }
540
541 protected void addResources(
542 long companyId, long groupId, long userId, String name,
543 String primKey, boolean portletActions, boolean addGroupPermissions,
544 boolean addGuestPermissions, PermissionedModel permissionedModel)
545 throws PortalException, SystemException {
546
547 if (!PermissionThreadLocal.isAddResource()) {
548 return;
549 }
550
551 validate(name, portletActions);
552
553 if (primKey == null) {
554 return;
555 }
556
557
558
559 Resource resource = getResource(
560 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
561
562
563
564 boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
565
566 PermissionThreadLocal.setIndexEnabled(false);
567
568 List<ResourcePermission> resourcePermissions =
569 resourcePermissionPersistence.findByC_N_S_P(
570 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
571
572 ResourcePermissionsThreadLocal.setResourcePermissions(
573 resourcePermissions);
574
575 try {
576 addResources(
577 companyId, groupId, userId, resource, portletActions,
578 permissionedModel);
579
580
581
582 if ((groupId > 0) && addGroupPermissions) {
583 addGroupPermissions(
584 companyId, groupId, userId, name, resource, portletActions,
585 permissionedModel);
586 }
587
588
589
590 if (addGuestPermissions) {
591
592
593
594
595 addGuestPermissions(
596 companyId, groupId, userId, name, resource, portletActions,
597 permissionedModel);
598 }
599 }
600 finally {
601 ResourcePermissionsThreadLocal.setResourcePermissions(null);
602
603 PermissionThreadLocal.setIndexEnabled(flushEnabled);
604
605 PermissionCacheUtil.clearCache();
606
607 SearchEngineUtil.updatePermissionFields(name, primKey);
608 }
609 }
610
611 protected void deleteResource(
612 long companyId, String name, int scope, String primKey,
613 PermissionedModel permissionedModel)
614 throws PortalException, SystemException {
615
616 if (resourceBlockLocalService.isSupported(name)) {
617 if (permissionedModel == null) {
618 throw new IllegalArgumentException(
619 "Permissioned model is null");
620 }
621
622 resourceBlockLocalService.releasePermissionedModelResourceBlock(
623 permissionedModel);
624
625 return;
626 }
627
628 resourcePermissionLocalService.deleteResourcePermissions(
629 companyId, name, scope, primKey);
630 }
631
632 protected void filterOwnerActions(String name, List<String> actionIds) {
633 List<String> defaultOwnerActions =
634 ResourceActionsUtil.getModelResourceOwnerDefaultActions(name);
635
636 if (defaultOwnerActions.isEmpty()) {
637 return;
638 }
639
640 Iterator<String> itr = actionIds.iterator();
641
642 while (itr.hasNext()) {
643 String actionId = itr.next();
644
645 if (!defaultOwnerActions.contains(actionId)) {
646 itr.remove();
647 }
648 }
649 }
650
651 protected long getGroupId(AuditedModel auditedModel) {
652 long groupId = 0;
653
654 if (auditedModel instanceof GroupedModel) {
655 GroupedModel groupedModel = (GroupedModel)auditedModel;
656
657 groupId = groupedModel.getGroupId();
658 }
659
660 return groupId;
661 }
662
663 protected PermissionedModel getPermissionedModel(
664 AuditedModel auditedModel) {
665
666 PermissionedModel permissionedModel = null;
667
668 if (auditedModel instanceof PermissionedModel) {
669 permissionedModel = (PermissionedModel)auditedModel;
670 }
671
672 return permissionedModel;
673 }
674
675 protected void logHasUserPermissions(
676 long userId, long resourceId, String actionId, StopWatch stopWatch,
677 int block) {
678
679 if (!_log.isDebugEnabled()) {
680 return;
681 }
682
683 _log.debug(
684 "Checking user permissions block " + block + " for " + userId +
685 " " + resourceId + " " + actionId + " takes " +
686 stopWatch.getTime() + " ms");
687 }
688
689 protected void updateResourceBlocks(
690 long companyId, long groupId, Resource resource,
691 String[] groupPermissions, String[] guestPermissions,
692 PermissionedModel permissionedModel)
693 throws PortalException, SystemException {
694
695 if (permissionedModel == null) {
696 throw new IllegalArgumentException("Permissioned model is null");
697 }
698
699
700
701 Role role = roleLocalService.getDefaultGroupRole(groupId);
702
703 resourceBlockLocalService.setIndividualScopePermissions(
704 companyId, groupId, resource.getName(), permissionedModel,
705 role.getRoleId(), Arrays.asList(groupPermissions));
706
707 role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
708
709 resourceBlockLocalService.setIndividualScopePermissions(
710 companyId, groupId, resource.getName(), permissionedModel,
711 role.getRoleId(), Arrays.asList(guestPermissions));
712 }
713
714 protected void updateResourcePermissions(
715 long companyId, long groupId, Resource resource,
716 String[] groupPermissions, String[] guestPermissions)
717 throws PortalException, SystemException {
718
719 Role role = roleLocalService.getDefaultGroupRole(groupId);
720
721 resourcePermissionLocalService.setResourcePermissions(
722 resource.getCompanyId(), resource.getName(), resource.getScope(),
723 resource.getPrimKey(), role.getRoleId(), groupPermissions);
724
725 role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
726
727 resourcePermissionLocalService.setResourcePermissions(
728 resource.getCompanyId(), resource.getName(), resource.getScope(),
729 resource.getPrimKey(), role.getRoleId(), guestPermissions);
730 }
731
732 protected void updateResourcePermissions(
733 long companyId, String name, int scope, String primKey,
734 String newPrimKey)
735 throws SystemException {
736
737 List<ResourcePermission> resourcePermissions =
738 resourcePermissionLocalService.getResourcePermissions(
739 companyId, name, scope, primKey);
740
741 for (ResourcePermission resourcePermission : resourcePermissions) {
742 resourcePermission.setPrimKey(newPrimKey);
743
744 resourcePermissionPersistence.update(resourcePermission);
745 }
746 }
747
748 protected void updateResources(
749 long companyId, long groupId, String name, String primKey,
750 String[] groupPermissions, String[] guestPermissions,
751 PermissionedModel permissionedModel)
752 throws PortalException, SystemException {
753
754 Resource resource = getResource(
755 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
756
757 if (groupPermissions == null) {
758 groupPermissions = new String[0];
759 }
760
761 if (guestPermissions == null) {
762 guestPermissions = new String[0];
763 }
764
765 if (resourceBlockLocalService.isSupported(name)) {
766 updateResourceBlocks(
767 companyId, groupId, resource, groupPermissions,
768 guestPermissions, permissionedModel);
769 }
770 else {
771 updateResourcePermissions(
772 companyId, groupId, resource, groupPermissions,
773 guestPermissions);
774 }
775 }
776
777 protected void validate(String name, boolean portletActions)
778 throws PortalException {
779
780 List<String> actions = null;
781
782 if (portletActions) {
783 actions = ResourceActionsUtil.getPortletResourceActions(name);
784 }
785 else {
786 actions = ResourceActionsUtil.getModelResourceActions(name);
787 }
788
789 if (actions.size() == 0) {
790 throw new ResourceActionsException(
791 "There are no actions associated with the resource " + name);
792 }
793 }
794
795 private static Log _log = LogFactoryUtil.getLog(
796 ResourceLocalServiceImpl.class);
797
798 }